Nextcloud Server Multiple Vulnerabilities (GHSA-396j-vqpr-qg45, GHSA-jf9h-v24c-22g5, GHSA-grph-cm44-p3jv)
Information
Severity: High
Family: General
CVSSv2 Base: 7.6
CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Solution Type: Vendor Patch
Created: 2 years ago
Modified: 2 years ago
Summary
Nextcloud Server is prone to multiple vulnerabilities.
Insight
The following vulnerabilities exist:
- CVE-2021-32653: Default settings leak federated cloud ID to lookup server of all users
- CVE-2021-32654: Attacker can obtain write access to any federated share/public link
- CVE-2021-32655: Files Drop public link can be added as federated share
Affected Software
Nextcloud Server versions prior to 19.0.11, 20.0.10 or 21.0.2.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 19.0.11, 20.0.10 or 21.0.2 or later.